JP6888011B2 - 信頼できる実行環境を有するモバイル装置 - Google Patents

信頼できる実行環境を有するモバイル装置 Download PDF

Info

Publication number
JP6888011B2
JP6888011B2 JP2018529986A JP2018529986A JP6888011B2 JP 6888011 B2 JP6888011 B2 JP 6888011B2 JP 2018529986 A JP2018529986 A JP 2018529986A JP 2018529986 A JP2018529986 A JP 2018529986A JP 6888011 B2 JP6888011 B2 JP 6888011B2
Authority
JP
Japan
Prior art keywords
application
mobile
trusted
key
mobile device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2018529986A
Other languages
English (en)
Japanese (ja)
Other versions
JP2019505887A (ja
Inventor
フライン,ミン
エス・ケー・アブドゥル・アジズ,エス・エム・ソーヒドゥッツァーマン
ラマチャンドラン,シリアム
シャルペニエ,ベロニク
アンジュリニ,パトリス
Original Assignee
タレス・ディス・フランス・エス・ア
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by タレス・ディス・フランス・エス・ア filed Critical タレス・ディス・フランス・エス・ア
Publication of JP2019505887A publication Critical patent/JP2019505887A/ja
Application granted granted Critical
Publication of JP6888011B2 publication Critical patent/JP6888011B2/ja
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/14Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G06F21/725Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits operating on a secure reference time value
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149Restricted operating environment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/04Masking or blinding
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/16Obfuscation or hiding, e.g. involving white box
JP2018529986A 2015-12-11 2016-12-09 信頼できる実行環境を有するモバイル装置 Active JP6888011B2 (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
EP15306989.3 2015-12-11
EP15306989.3A EP3179690A1 (en) 2015-12-11 2015-12-11 Mobile device having trusted execution environment
PCT/EP2016/080527 WO2017098024A1 (en) 2015-12-11 2016-12-09 Mobile device having trusted execution environment

Publications (2)

Publication Number Publication Date
JP2019505887A JP2019505887A (ja) 2019-02-28
JP6888011B2 true JP6888011B2 (ja) 2021-06-16

Family

ID=55027656

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2018529986A Active JP6888011B2 (ja) 2015-12-11 2016-12-09 信頼できる実行環境を有するモバイル装置

Country Status (8)

Country Link
US (1) US10878083B2 (es)
EP (2) EP3179690A1 (es)
JP (1) JP6888011B2 (es)
KR (1) KR102217501B1 (es)
CN (1) CN108781210B (es)
BR (1) BR112018011782A2 (es)
ES (1) ES2917183T3 (es)
WO (1) WO2017098024A1 (es)

Families Citing this family (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11424931B2 (en) * 2016-01-27 2022-08-23 Blackberry Limited Trusted execution environment
KR102604046B1 (ko) * 2016-11-28 2023-11-23 삼성전자주식회사 전자 기기의 프로그램 관리 방법 및 장치
US10972265B2 (en) * 2017-01-26 2021-04-06 Microsoft Technology Licensing, Llc Addressing a trusted execution environment
US10897360B2 (en) 2017-01-26 2021-01-19 Microsoft Technology Licensing, Llc Addressing a trusted execution environment using clean room provisioning
US10897459B2 (en) 2017-01-26 2021-01-19 Microsoft Technology Licensing, Llc Addressing a trusted execution environment using encryption key
US10528749B2 (en) * 2017-03-20 2020-01-07 Huawei Technologies Co., Ltd. Methods and apparatus for containerized secure computing resources
CN109218260B (zh) 2017-07-03 2020-11-06 深圳市中兴微电子技术有限公司 一种基于可信任环境的认证保护系统及方法
US11403540B2 (en) * 2017-08-11 2022-08-02 Google Llc On-device machine learning platform
CN109787943B (zh) * 2017-11-14 2022-02-22 华为技术有限公司 一种抵御拒绝服务攻击的方法及设备
US10872144B1 (en) * 2017-12-07 2020-12-22 Ent. Services Development Corporation Lp Systems and methods for secure processing of data streams having differing security level classifications
US10911236B2 (en) * 2017-12-13 2021-02-02 Paypal, Inc. Systems and methods updating cryptographic processes in white-box cryptography
US10922441B2 (en) * 2018-05-04 2021-02-16 Huawei Technologies Co., Ltd. Device and method for data security with a trusted execution environment
EP3830733A4 (en) 2018-07-27 2022-04-27 BicDroid Inc. PERSONALIZED AND CRYPTOGRAPHICALLY SECURE ACCESS CONTROL IN A TRUSTED EXECUTION ENVIRONMENT
US11206130B2 (en) * 2018-07-31 2021-12-21 Nxp B.V. Customizing cryptographic keys between multiple hosts
US10908935B1 (en) * 2018-08-02 2021-02-02 Raytheon Company Estimation of guest clock value based on branch instruction count and average time between branch instructions for use in deterministic replay of execution
EP3608806A1 (en) * 2018-08-09 2020-02-12 Gemalto Sa Anti cloning for white box protected data
US11132440B2 (en) 2018-11-01 2021-09-28 Foundation Of Soongsil University-Industry Cooperation Hybrid trust execution environment based android security framework, android device equipped with the same and method of executing trust service in android device
WO2020107104A1 (en) 2018-11-30 2020-06-04 BicDroid Inc. Personalized and cryptographically secure access control in operating systems
KR102137894B1 (ko) * 2018-12-18 2020-07-24 서울여자대학교 산학협력단 커널 무결성 검사 장치 및 방법
CN109739522B (zh) * 2019-01-03 2022-02-18 中国—东盟信息港股份有限公司 一种适用于eSIM应用的TEE OS适配系统
US11646870B2 (en) * 2019-01-23 2023-05-09 International Business Machines Corporation Securing mobile device by RAM-encryption
CN113614720A (zh) * 2019-03-13 2021-11-05 华为技术有限公司 一种动态配置可信应用程序访问控制的装置和方法
CN110543764B (zh) * 2019-09-11 2021-07-23 飞腾信息技术有限公司 片上系统内存防护方法、密码加速引擎及内存防护装置
US11416619B1 (en) 2019-09-24 2022-08-16 Sprint Communications Company L.P. Trusted boot-loader authentication
CN110855667B (zh) * 2019-11-14 2023-04-07 宁夏吉虎科技有限公司 一种区块链加密方法、装置及系统
CN111881467B (zh) * 2020-06-12 2022-10-28 海光信息技术股份有限公司 利用安全处理器保护文件的方法、装置、cpu和计算机设备
CN111740824B (zh) * 2020-07-17 2020-11-17 支付宝(杭州)信息技术有限公司 可信应用管理方法及装置
KR102390381B1 (ko) * 2020-11-25 2022-04-25 고려대학교 산학협력단 시뮬레이션 데이터 기반 웹 페이지 로드 시간 예측 장치, 방법 및 이를 수행하기 위한 프로그램을 기록한 기록매체
CN112506531A (zh) * 2020-12-11 2021-03-16 中国科学院信息工程研究所 软件安装方法、装置、电子设备和存储介质
FR3118223B1 (fr) * 2020-12-17 2023-11-17 Tages Methode d’association d’un programme logiciel executable avec une plateforme informatique
US11979396B2 (en) 2021-05-19 2024-05-07 Bank Of America Corporation Information security system and method for machine-to-machine (M2M) security and validation
CN114021141A (zh) * 2021-10-29 2022-02-08 中国银联股份有限公司 一种电子设备、可信应用调用方法、装置、设备及介质
CN115017495B (zh) * 2021-11-09 2023-08-08 荣耀终端有限公司 定时校验方法、电子设备和可读存储介质
SE2250289A1 (en) * 2022-03-03 2023-09-04 Crunchfish Digital Cash Ab Preventing fraudulent use by cloning of a trusted application
CN114553603B (zh) * 2022-04-25 2022-07-29 南湖实验室 一种基于隐私计算的新型数据可信解密的方法
WO2024075929A1 (ko) * 2022-10-04 2024-04-11 삼성전자 주식회사 신뢰 실행 환경을 제공하기 위한 전자 장치

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030037237A1 (en) * 2001-04-09 2003-02-20 Jean-Paul Abgrall Systems and methods for computer device authentication
WO2008028989A1 (en) * 2006-09-07 2008-03-13 Nokia Corporation Managing information relating to secure module applications
US8352749B2 (en) * 2010-12-17 2013-01-08 Google Inc. Local trusted services manager for a contactless smart card
KR101744748B1 (ko) * 2011-01-05 2017-06-09 한국전자통신연구원 화이트박스 암호 테이블을 이용한 콘텐츠 보호 장치, 콘텐츠 암호화 및 복호화 장치
US20140040622A1 (en) * 2011-03-21 2014-02-06 Mocana Corporation Secure unlocking and recovery of a locked wrapped app on a mobile device
US9317689B2 (en) * 2012-06-15 2016-04-19 Visa International Service Association Method and apparatus for secure application execution
US11228427B2 (en) * 2014-02-11 2022-01-18 Ericsson Ab System and method for securing content keys delivered in manifest files
CN104134038B (zh) * 2014-07-31 2016-11-23 浪潮电子信息产业股份有限公司 一种基于虚拟平台的安全可信运行保护方法
US9871821B2 (en) * 2014-11-11 2018-01-16 Oracle International Corporation Securely operating a process using user-specific and device-specific security constraints
CN104765612B (zh) 2015-04-10 2018-05-08 武汉天喻信息产业股份有限公司 一种访问可信执行环境、可信应用的系统及方法
EP3086585B1 (en) * 2015-04-23 2019-12-11 Nxp B.V. Method and system for securing data communicated in a network
US10114958B2 (en) * 2015-06-16 2018-10-30 Microsoft Technology Licensing, Llc Protected regions
US10178164B2 (en) * 2015-08-31 2019-01-08 Visa International Service Association Secure binding of software application to communication device

Also Published As

Publication number Publication date
BR112018011782A2 (pt) 2018-12-04
CN108781210B (zh) 2021-11-09
JP2019505887A (ja) 2019-02-28
ES2917183T3 (es) 2022-07-07
WO2017098024A1 (en) 2017-06-15
EP3179690A1 (en) 2017-06-14
US10878083B2 (en) 2020-12-29
US20190005229A1 (en) 2019-01-03
CN108781210A (zh) 2018-11-09
KR102217501B1 (ko) 2021-02-18
EP3387813A1 (en) 2018-10-17
KR20180093038A (ko) 2018-08-20
EP3387813B1 (en) 2022-04-20

Similar Documents

Publication Publication Date Title
JP6888011B2 (ja) 信頼できる実行環境を有するモバイル装置
US9054865B2 (en) Cryptographic system and methodology for securing software cryptography
US11263311B2 (en) Securing virtual-machine software applications
WO2012115882A2 (en) Systems and methods for enhanced security in wireless communication
CN107870793B (zh) 一种应用程序中加载so文件的方法及装置
CN104751049A (zh) 一种应用程序安装方法及移动终端
US20090202078A1 (en) Device, system, and method of securely executing applications
CN108702353B (zh) 接收电子实体内的数据的方法及相关联的电子实体
CN108595950A (zh) 一种结合远程认证的sgx安全增强方法
Suciu et al. Horizontal privilege escalation in trusted applications
Cooijmans et al. Secure key storage and secure computation in Android
JP5575950B2 (ja) 無線端末装置およびシステム保護方法
US20190199694A1 (en) Individual encryption of control commands
US20230058046A1 (en) Apparatus and Method for Protecting Shared Objects
KR101906484B1 (ko) 어플리케이션 보안 방법 및 이를 수행하기 위한 시스템
Ribeiro et al. DBStore: A TrustZone-backed Database Management System for Mobile Applications.
EP3009952A1 (en) System and method for protecting a device against attacks on procedure calls by encrypting arguments
Park et al. Analyzing security of Korean USIM-based PKI certificate service
KR101552556B1 (ko) 휴대 단말기용 어플리케이션의 디컴파일 방지를 위한 방법 및 그 방법에 관한 호출매니저를 저장하는 프로그램 분배서버
Sitawarin iOS Security
ES2798077T3 (es) Sistema criptográfico y metodología para asegurar criptografía de software

Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20191128

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20201225

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20210126

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20210423

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20210511

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20210519

R150 Certificate of patent or registration of utility model

Ref document number: 6888011

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250